Thread: Bind9 still failing

  1. #1
    Installed Hardy updated to 8.04.1LTS w/LVM

    All was well,
    Code:
    Dec 20 16:21:14 wonder named[31642]: starting BIND 9.4.2-P2 -u bind
    Dec 20 16:21:14 wonder named[31642]: found 1 CPU, using 1 worker thread
    Dec 20 16:21:14 wonder named[31642]: loading configuration from '/etc/bind/named.conf'
    Dec 20 16:21:14 wonder named[31642]: listening on IPv6 interfaces, port 53
    then I started going through the Howtoforge "perfect server" tutorial. Got to the part where bind gets chrooted and...

    Bind 9 fails - according to /var/log/syslog:
    Code:
    Dec 21 14:00:54 wonder named[6828]: starting BIND 9.4.2-P2 -u bind -t /var/lib/named
    Dec 21 14:00:54 wonder named[6828]: found 1 CPU, using 1 worker thread
    Dec 21 14:00:54 wonder named[6828]: loading configuration from '/etc/bind/named.conf'
    Dec 21 14:00:54 wonder named[6828]: none:0: open: /etc/bind/named.conf: permission denied
    Dec 21 14:00:54 wonder named[6828]: loading configuration: permission denied
    Dec 21 14:00:54 wonder named[6828]: exiting (due to fatal error)
    Have tried it, per the tutorial ( w/ AppArmor disabled/purged ) as well as per Ubuntu Forum ( ubuntuforums.org/showthread.php?t=735188&highlight=bind9+fail ).

    AppArmor is currently running and my usr.sbin.named is:
    Code:
    # vim:syntax=apparmor
    # Last Modified: Fri Jun  1 16:43:22 2007
    #include <tunables/global>
    
    /usr/sbin/named {
      #include <abstractions/base>
      #include <abstractions/nameservice>
    
      capability net_bind_service,
      capability setgid,
      capability setuid,
      capability sys_chroot,
    
      # /etc/bind should be read-only for bind
      # /var/lib/bind is for dynamically updated zone (and journal) files.
      # /var/cache/bind is for slave/stub data, since we're not the origin of it.
      # See /usr/share/doc/bind9/README.Debian.gz
      # /etc/bind/** r,
    
      # Dynamic updates needs zone and journal files rw. We just allow rw for all
      # in /etc/bind, and let DAC handle the rest > moved to /var/lib/named/etc/bind
      /var/lib/named/etc/bind/* rw,
    
      # if local zones are in a subdirectory
      /var/lib/named/etc/bind/zones/* rw,
      /var/lib/named/etc/bind/zones/external/* rw,
      /var/lib/named/etc/bind/zones/internal/* rw,
    
      /var/lib/bind/** rw,
      /var/lib/bind/ rw,
      /var/cache/bind/** rw,
      /var/cache/bind/ rw,
    
      # some people like to put logs in /var/log/named/
      /var/log/named/** rw,
    
      # dnscvsutil package
      /var/lib/dnscvsutil/compiled/** rw,
    
      /proc/net/if_inet6 r,
      /usr/sbin/named mr,
      /var/lib/named/var/run/bind/run/named.pid w,
      #/var/run/bind/run/named.pid w,
      # support for resolvconf
      /var/lib/named/var/run/bind/named.options r,
      #/var/run/bind/named.options r,
    
    # add also following lines thanks to Spezi2u
      /var/lib/named/dev/null rw,
      /var/lib/named/dev/random rw,
    
    }
    Contents of /etc/bind/ aka /var/lib/named/etc/bind/ are:
    Code:
    -rw-r--r-- 1 bind bind  237 2008-04-09 15:44 db.0
    -rw-r--r-- 1 bind bind  271 2008-04-09 15:44 db.127
    -rw-r--r-- 1 bind bind  237 2008-04-09 15:44 db.255
    -rw-r--r-- 1 bind bind  353 2008-04-09 15:44 db.empty
    -rw-r--r-- 1 bind bind  270 2008-04-09 15:44 db.local
    -rw-r--r-- 1 bind bind 2878 2008-04-09 15:44 db.root
    -rw-r--r-- 1 bind bind  907 2008-04-09 15:44 named.conf
    -rw-r--r-- 1 bind bind  165 2008-04-09 15:44 named.conf.local
    -rw-r--r-- 1 bind bind 3041 2008-12-21 13:51 named.conf.options
    -rw------- 1 root root  695 2008-12-21 13:51 named.conf.options~
    -rw-r----- 1 bind bind   77 2008-05-26 17:26 rndc.key
    -rw-r--r-- 1 bind bind 1317 2008-04-09 15:44 zones.rfc1918
    and still bind9 refuses to start from CLI or during reboot... It doesn't seem to make any difference if I use OPTIONS="-u bind -t /var/lib/named" or OPTIONS="-u bind".

    Any suggestions would be greatly appreciated.
    Last edited by docfx; December 21st, 2008 at 09:12 PM. Reason: added tags
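
A troubleshooting aid for the situation in the post above, added here as an example and not part of the original thread: it works out which path named opens for each set of start options in the syslog excerpts and lists the rules in the posted profile that grant read access to it. It assumes AppArmor matches the path as seen outside the chroot (which the profile's /var/lib/named/... rules imply), uses simplified glob matching, and does not evaluate the included abstractions; the function names are made up for this example.

```python
import re

# Active and commented-out rules copied from the profile in the post (abbreviated).
PROFILE = """\
  # /etc/bind/** r,
  /var/lib/named/etc/bind/* rw,
  /var/lib/named/etc/bind/zones/* rw,
  /var/lib/bind/** rw,
  /usr/sbin/named mr,
  /var/lib/named/var/run/bind/run/named.pid w,
"""
# syslog lines copied from the post (timestamp and host trimmed).
CHROOT_LOG = [
    "named[6828]: starting BIND 9.4.2-P2 -u bind -t /var/lib/named",
    "named[6828]: loading configuration from '/etc/bind/named.conf'",
]
PLAIN_LOG = [
    "named[31642]: starting BIND 9.4.2-P2 -u bind",
    "named[31642]: loading configuration from '/etc/bind/named.conf'",
]

def parse_rules(profile):
    """Return (glob, perms) for active file rules; '#' lines (comments, includes) are skipped."""
    rules = []
    for line in profile.splitlines():
        parts = line.strip().rstrip(",").split()
        if len(parts) == 2 and parts[0].startswith("/") and line.rstrip().endswith(","):
            rules.append((parts[0], parts[1]))
    return rules

def glob_to_regex(glob):
    """Simplified AppArmor globbing: '**' crosses '/', '*' does not."""
    conv = {"**": ".*", "*": "[^/]*"}
    parts = re.split(r"(\*\*|\*)", glob)
    return re.compile("".join(conv.get(p, re.escape(p)) for p in parts) + r"\Z")

def diagnose(log_lines, profile, need="r"):
    """Return (path as seen outside the chroot, profile globs granting `need` on it)."""
    text = "\n".join(log_lines)
    chroot = re.search(r"starting BIND \S+.*?\s-t\s+(\S+)", text)
    conf = re.search(r"loading configuration from '([^']+)'", text).group(1)
    path = (chroot.group(1).rstrip("/") if chroot else "") + conf
    hits = [g for g, perms in parse_rules(profile)
            if need in perms and glob_to_regex(g).match(path)]
    return path, hits

if __name__ == "__main__":
    for name, log in (("chroot", CHROOT_LOG), ("no chroot", PLAIN_LOG)):
        path, hits = diagnose(log, PROFILE)
        print(f"{name}: {path} -> {hits or 'no rule grants read'}")
```

A path that the profile covers can still be refused by ordinary file permissions (DAC) on the file or any directory above it, so a match here rules out only the profile text.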
